New Add-On: Cloudflared

katsaplias · February 19, 2022, 2:39pm

did you find any solution?
I’ve tried again today and I still get the same response “technical issue”
Is someone else having the same problem?

batkite · February 19, 2022, 2:55pm

I ended up buying a domain at “namecheap” for 5 or 10 years I don’t remember.
A “.click” is the same price as a pack of 6 so… I encourage you not to waste more of your time

Borg_Swen · February 26, 2022, 11:00pm

How did you do this, I can’t figure out how to get my nextcloud addon working.
Did you add the domain to the trusted domains? And did you use the additional hosts function?
or did your route it through the nginx proxy manager?

I’d love to hear back

mhack · February 27, 2022, 2:11am

I’ve been trying to get the android app to work with cloudflared while using their zero trust rules to only allow specific devices/emails to access my HA instance. While I can access HA through my browser on mobile using the domain name, when i setup the app to use it, it leads me to the browser and then things get stuck there.

Anyone having luck using the android app with cloudflared and have pointers on how to proceed?

poudenes · February 27, 2022, 6:39am

Only what i did was add the IP range of the router into the trusted_domains.
And enable toe NPM option in Cloudflared Addon

brenner-tobias · February 27, 2022, 7:36pm

For me this is working only with GitHub as ID provider, not with Google. Which one are you using?

mhack · February 28, 2022, 3:12am

so far I was using a email based one time password, but i’ll try github

mhack · February 28, 2022, 4:08am

still does not do it for me (after setting up github as auth method), i get a “Unable to connect to home assistant” once i get past cloudflare

ericee9 · February 28, 2022, 3:47pm

Working great. Thank you so much. Keep up
the good work

Borg_Swen · February 28, 2022, 3:57pm

Thanks!
After a lot of fiddeling around I got it working, turned out to be a problem with getting the loopback to other docker containers working.

gekberlin · March 9, 2022, 1:04pm

i do have the same problem as mhack. Neither otp or github is working for the app. I get stuck after the log in with cloudflare aswell with the error "unable to connect..." . By accessing over a normal web browser everything works as aspected. Anyone a suggestion ?

benchr · March 21, 2022, 3:08am

thank you for making this add-on. Managed to get it working easily with a domain purchased for $5 on cloudflare. super simple. Added a second host today, and that worked better than I imagined.

I was wondering about the security of the domain resolving directly into the tunnel, and cant find much about how to protect that, but after playing around I managed to add my Application as a Self Hosted Application into Cloudflare Access, added some policies that only allow access from my domain authentication and from a device using the Warp Client. Testing from various devices seems to show its now locked down. Now I feel a little safer than before.

Thanks again for making this super simple. Now to figure out how to extract all my logs off cloudflare into influx/grafana.

brenner-tobias · March 21, 2022, 12:29pm

Yeah Cloudflare Zero Trust is not working very well with the HA app unfortunately. For me, it is working with the GitHub login. Sometimes, I did increate the session duration in for the App in Cloudflare to the maximum (1 month). If I have to login again after that time, it sometimes does not work directly and I have to restart the app, but mostly it works just fine.

Unfortunately, there is not much more that we can do, since this is not related to the add-on but the compatibility of the App with the authentication of Cloudflare Zero Trust…

jblakely · March 22, 2022, 3:44pm

I’m sure I am doing something stupid, but starting the add on I get this error:

[11:34:23] INFO: Creating config file...
[11:34:29] INFO: Validating config file...
Validating rules from /tmp/config.json
Validation failed: Hostname cannot contain a port
[11:34:29] FATAL: Validation of Config failed, please check the logs above.

I can’t find where the hostname contains a port.

What am I missing and where should I be looking?

Thanks

brenner-tobias · March 23, 2022, 10:38am

Hi. probably something minor in your hostname definition that does not pass the validation of Cloudflared. Feel free to pm me your config so I can have a look.

Alej · March 24, 2022, 1:02am

Wow! This was easy to setup! I had cloudflare already set up, but didn’t like having a port exposed.

How is this security wise compared to nabu casa?

What all can be done to increase security? I know with the cloudflare setup, it can be set to be strictly encrypted end to end.

matssa · March 27, 2022, 8:28pm

Hey guys I’m having a hard time with the NGNX proxy addon in HA and Adguard DNS and Cloudflared.

I’m using Cloudflared tunnel in order to access my server without opening ports on my router.

I’m also using NGNX in order to point my subdomain to my HA instance. In Cloudflared my subdomains goes toward my NGNX and that proxy redirects to my HA instance (and other stuff).

Finaly I have Adguard Home running on my asuswrt router. In my router DNSmasq, I’m rerouting all my sub domain names to my NGNX server (stay on local network).

So everything works today. However, I want to use my Adguard DNS when I’m not at home on my phone. So I want to pass the DNS over HTTPS through Cloudflared and use Adguard on my home and configure the DNS.
So currently it works with an entry in NGNX (domain → local IP address). It also works if I use a service in Cloudflared.

However I’m opening the connection to all my router IP. So I can say use another port to access to my router config, which is not cool.
For more security, I want to allow the domain to a specific URL (indeed the DoH is xxxxx/dns-query).

I tried in NGNX adding the /dns-query in the IP setting but it doesn’t work.

I also tried adding it in Cloudflared but doesn’t seem to work as well :-S

Does anyone know what I can do? Maybe work the custom locations?

Thanks a bunch!!

lu4t · March 29, 2022, 12:07am

Maybe you want to have a look at this video to edit the config.yml file.

Fg6 · March 29, 2022, 7:20am

~~Can you add ipv6 support (AAAA Type Records) to this plugin?~~
~~My ISP has ipv4 NAT~~
I think i posted it in the wrong place

This plugin is awesome, thank you so much

gigil · April 1, 2022, 7:48am

@ brenner-tobias
To begin with, thank you for an addon that might make life for a networking noob like me very very easy!
As for my circumstances, I am sitting behind a CGNAT, so I was struggling to find a way to get an https URL working.
Based on your documentation, I was able to setup the addon without a hitch and everything seems to have set up just fine. But I have no Idea how to utilize it. Like I said, I have next to no understanding of networking at the moment.
How do I access the tunnel to my HA server from outside, now that I do have the addon set up?
Trying to directly go to the domain name I created gives me a “400: Bad Request” response.
If you do have the time to guide a noob, I’d very much appreciate it. I do have all log entries at my disposal. Happy to share anything that you might need in order to help.

Edit: solved it. Missed the part that cloudflare only supports certain ports. changing my home assistant port resolved the issue